How to Seal a PDF Document Online with Legal Timestamp

Sealing a PDF document online with a legal timestamp is one of the most practical steps any individual or business can take to protect the integrity and provenance of their documents. A ZertES-certified cryptographic seal creates court-admissible proof that a specific PDF existed in its exact current form at a verified point in time — and that proof holds in Switzerland, across all 27 EU member states, and in 181 Berne Convention countries worldwide.

This guide walks through the complete process: what sealing a PDF actually means, the legal basis for its admissibility, and how to do it in under two minutes using Swiss Trust Layer.

What Does It Mean to Seal a PDF Document?

Sealing a PDF is not the same as digitally signing it. A digital signature associates the document with a specific person's identity — it says "I, the identified signer, endorse this document." A cryptographic seal proves something different: that this exact document — this precise sequence of bytes — existed at this certified moment in time.

The technical mechanism is a SHA-256 cryptographic hash. The platform computes a unique mathematical fingerprint of your PDF. Any subsequent change to the document — even altering a single character, changing the metadata, or re-saving it — produces a completely different hash. This makes tampering immediately detectable.

The hash is then submitted to Swisscom Trust Services, which anchors it to a certified timestamp. Swisscom is simultaneously a ZertES-accredited certification authority under Swiss federal law and an eIDAS-qualified trust service provider (QTSP) on the EU Trust List. The timestamp it issues carries legal presumption of accuracy under both frameworks.

The result is a PAdES-compliant certificate containing: the document hash, the certified timestamp, the full issuer certificate chain, and long-term validation (LTV) data that keeps the certificate verifiable for decades.

The Legal Basis: ZertES and eIDAS

ZertES SR 943.03 — Switzerland

Switzerland's Federal Act on Electronic Signatures (ZertES, Bundesgesetz über Zertifizierungsdienste) defines the conditions under which a qualified electronic timestamp carries legal weight before Swiss courts. Article 14 grants a qualified timestamp issued by a BAKOM-accredited certification service provider (ZDA) the legal presumption that:

The time indicated is accurate
The data has not been altered since the timestamp was applied

Swisscom Trust Services is one of the leading ZertES-accredited ZDAs. A PDF sealed through Swiss Trust Layer carries this legal presumption in every Swiss proceeding.

eIDAS Regulation EU 910/2014 — EU Member States

Article 41 of the eIDAS Regulation creates the equivalent legal presumption across all 27 EU member states: a qualified electronic timestamp is presumed accurate and the data integrity is presumed intact. The challenger must rebut this presumption — the document holder does not need to prove it.

Because Swisscom Trust Services holds dual ZertES (Swiss) and eIDAS (EU) qualification, every Swiss Trust Layer seal satisfies both frameworks simultaneously. One seal, two jurisdictions.

Berne Convention — 181 Countries

For intellectual property purposes, Switzerland's Berne Convention membership (since 1887) means that a ZertES-certified proof of creation date is recognised as evidence of authorship in all 181 member countries. This is directly relevant when a sealed PDF contains a creative work — a design, a manuscript, source code, a business plan — whose authorship may later be disputed.

Step-by-Step: How to Seal a PDF with Swiss Trust Layer

Step 1: Upload Your PDF

Navigate to swisstrustlayer.com and log in to your account (or create one — the process takes under two minutes and no credit card is required for the free tier). Select the file upload option.

Upload your PDF document. Swiss Trust Layer accepts all standard PDF versions including PDF/A (archival format), PDF/UA (accessible format), and password-protected PDFs provided you have the password. The maximum file size for a single seal is 500 MB. If your document exceeds this, consider splitting it or creating a ZIP archive.

Important: your file content is never stored on Swiss Trust Layer's servers. Only the SHA-256 hash of your document is transmitted to Swisscom Trust Services. Your PDF remains entirely under your control.

Step 2: Apply the ZertES / eIDAS Seal

Once uploaded, Swiss Trust Layer computes the SHA-256 hash of your PDF locally in your browser. This hash — a 64-character hexadecimal string — is a unique fingerprint of your document.

The hash is submitted to Swisscom Trust Services' Signing Service API. Swisscom applies a qualified electronic timestamp: it cryptographically binds your document's hash to the precise current time, certified by Swisscom's accredited infrastructure.

The seal is not a watermark, not a visible annotation, and not a metadata tag. It is a mathematical proof embedded in the document structure, conforming to the PAdES (PDF Advanced Electronic Signatures) standard defined by ETSI EN 319 102-1. This standard is specifically recognised under both ZertES and eIDAS as the appropriate format for PDF-embedded qualified signatures and timestamps.

The entire process takes under five seconds once you click "Seal." You do not need a hardware token, a smart card, or any installed software. The complete workflow runs in a standard web browser.

Step 3: Download Your Certificate

You receive two items:

The sealed PDF: Your original document with the PAdES-embedded timestamp. This is a standard PDF that can be opened by any PDF reader. Readers supporting digital signature verification (Adobe Acrobat, Foxit, PDF-XChange) will display the seal information directly in the signature panel.

The certificate document: A separate PDF certificate containing:

The SHA-256 hash of your original document
The certified timestamp (date, time, timezone — accurate to the second)
The Swisscom Trust Services issuer certificate chain
The QTSP accreditation reference
A verification link to swisstrustlayer.com/validate
Long-term validation (LTV) data ensuring the certificate remains verifiable after the issuer certificate expires

Store both documents together. The sealed PDF and the certificate are complementary — the certificate provides the human-readable proof, while the sealed PDF contains the machine-verifiable cryptographic evidence.

Verifying a Sealed PDF

Any party — a lawyer, a judge, an auditor, a counterparty — can verify your sealed PDF at swisstrustlayer.com/validate without logging in, without contacting Swiss Trust Layer, and without any cooperation from you.

The verification process:

Upload the sealed PDF to the validator

The validator recomputes the SHA-256 hash

It checks the hash against the embedded Swisscom timestamp

It validates the Swisscom certificate chain against the EU Trust List and ZertES accreditation records

It returns: verified/not verified, the original hash, the certified timestamp, and the QTSP details

If any part of the document has been modified since sealing — even a single pixel in an image, a space added to the text, or a metadata change — the hash will not match and the verification will fail. This makes post-seal tampering immediately detectable and legally significant.

When to Seal a PDF

The general rule: seal before you share. Once a PDF has left your exclusive control — sent to a colleague, uploaded to a platform, shared in a meeting — the window for uncontested prior art closes. Seal at the moment of completion, not after a dispute arises.

High-value cases for PDF sealing:

Contracts and agreements — Seal the final version of every significant contract before sending it for counter-signature. This establishes the exact content of the agreement at the time it was finalised, protecting against later claims that a different version was the agreed text.

Intellectual property documents — Design files exported to PDF, manuscript drafts, technical specifications, business plans, software documentation. Seal before sharing with any external party.

Financial records — Seal audited accounts, financial statements, and valuation reports. This is increasingly requested by due diligence teams for M&A and fundraising processes.

Legal correspondence — Seal legal advice and expert reports at the time of delivery. This establishes the content and timing of advice given, relevant in professional liability contexts.

Regulatory submissions — Seal regulatory filings before submission. This creates a contemporaneous record of exactly what was submitted, protecting against regulatory disputes about submission content.

No Hardware Token Required

One of the most common misconceptions about qualified electronic seals is that they require a hardware security module (HSM) or a physical smart card. This is true for some forms of qualified electronic signatures — where the signer's private key must be stored on a secure device.

For qualified electronic timestamps — which is what Swiss Trust Layer uses — no hardware token is required. The certification authority (Swisscom Trust Services) holds the timestamping key in its accredited infrastructure. You do not need any special hardware. The entire workflow runs through a standard web browser.

This makes ZertES-certified PDF sealing accessible to individuals, small businesses, freelancers, and creative professionals who need court-admissible document provenance without the complexity of traditional PKI infrastructure.

Getting Started

Create a free account at swisstrustlayer.com. Your first seal takes under two minutes. Seal Credits Lite starts at CHF 5 per year for ongoing access.